RealTime IT News

Jamie de Guerre, Director, Partner Programs, Cloudmark

Average small-to-medium-sized business (SMB) users spend almost 13 minutes a day filtering spam and other flotsam from their e-mail. That adds up to real money when multiplied by the number of employees in an organization, and it is dangerous when some of the spam carries viruses or other malicious code.

It is no surprise that the anti-spyware market is expected to grow from $214 million this year to $1.4 billion in 2020, according to The Radicati Group, which tracks the e-mail market.

It is also not surprising that hacking, phishing and other problems are increasing dramatically as more people rely on e-mail and messaging for communications and more mobile devices come into play. Internetnews.com spoke recently with Jamie de Guerre, director of program partner management at Cloudmark, a messaging security company that relies on a mix of technology and grassroots user feedback to provide real-time protection from spam, phishing attacks and other threats.

The company's subscriber-based service filters more than 3 billion messages per day from more than 100 million mailboxes located in 160 different countries.

Q: Most attacks seem to come through e-mail and instant messaging. Just how much more sophisticated and dangerous is the problem right now?

The volume is increasing and the level [of the attacker] is growing. They are much more advanced and significantly more fraudulent.

Statistics show that up to $1 billion was lost last year in the U.S. to consumers from phishing, and 2.4 million users were victims of phishing attacks. There is also an increase in the number of fraudulent spam attacks, such as stock fraud e-mails. These scammers are making a lot of money at it, so much so that they are now funding pretty advanced software development houses.

Q: But if there are millions of these fraudulent messages being sent, isn't it easy to identify or block these messages?

No. One of the more advanced threats we have seen recently is a stock ad program that actually generates a different border or watermark image in every single e-mail that is sent -- done with high performance so they can send millions of these things, which is not an easy task.

The message appears the same to the user, but there is maybe a fuzzy border with random pixels. As a result, the security vendors using their software can't identify that e-mail as the same image and can't stop it, unless they use image processing.
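The failure mode described above, as an added example that is not Cloudmark's code or part of the original interview: a byte-exact hash of the image changes with every randomized border pixel, so two copies of the same mailing never match, while a coarse block-mean fingerprint (the kind of simple image processing the answer alludes to) still links them and still separates them from an unrelated image. The images, their size, the border width and the 32-bit block grid are all constructed assumptions for the demonstration.

```python
"""Added example (not Cloudmark's code or anyone's production filter): why a
byte-exact hash fails on a mailing whose border pixels are randomized per
message, while a coarse block-mean fingerprint still links the copies.
Images are constructed in-line as 2-D lists of 8-bit grayscale values."""
import hashlib
import random

W, H = 64, 32              # constructed image size in pixels
BLOCKS_X, BLOCKS_Y = 8, 4  # fingerprint grid: 8 x 4 blocks = 32 bits
BORDER = 2                 # width of the randomized border, in pixels


def _blank(seed):
    """Light background with a BORDER-pixel frame of random noise.
    The seed stands in for the per-message randomization."""
    rng = random.Random(seed)
    img = [[220] * W for _ in range(H)]
    for y in range(H):
        for x in range(W):
            if x < BORDER or x >= W - BORDER or y < BORDER or y >= H - BORDER:
                img[y][x] = rng.randint(0, 255)
    return img


def make_stock_ad(seed):
    """Constructed 'stock ad': the same dark text band in every copy,
    framed by border noise that differs with each seed."""
    img = _blank(seed)
    for y in range(12, 20):
        for x in range(8, 56):
            img[y][x] = 30
    return img


def make_unrelated_mail(seed):
    """Constructed unrelated image: noise border, no text band."""
    return _blank(seed)


def exact_hash(img):
    """Byte-exact SHA-256 over the pixels; any changed pixel changes it."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()


def block_mean_fingerprint(img):
    """Average-hash style fingerprint: one bit per block, set when the
    block's mean brightness exceeds the mean over all blocks."""
    bw, bh = W // BLOCKS_X, H // BLOCKS_Y
    means = []
    for by in range(BLOCKS_Y):
        for bx in range(BLOCKS_X):
            total = sum(img[y][x]
                        for y in range(by * bh, (by + 1) * bh)
                        for x in range(bx * bw, (bx + 1) * bw))
            means.append(total / (bw * bh))
    overall = sum(means) / len(means)
    bits = 0
    for m in means:
        bits = (bits << 1) | (1 if m > overall else 0)
    return bits


def hamming(a, b):
    """Number of differing fingerprint bits."""
    return bin(a ^ b).count("1")


def same_campaign(img_a, img_b, max_distance=3):
    """Treat two images as the same mailing if their fingerprints are close."""
    return hamming(block_mean_fingerprint(img_a),
                   block_mean_fingerprint(img_b)) <= max_distance


if __name__ == "__main__":
    a, b = make_stock_ad(1), make_stock_ad(2)
    print("exact hashes equal:", exact_hash(a) == exact_hash(b))
    print("fingerprint distance:", hamming(block_mean_fingerprint(a),
                                           block_mean_fingerprint(b)))
    print("same campaign:", same_campaign(a, b))
```

The block grid is deliberately coarse: each bit summarizes an 8x8 block, so a two-pixel noise frame moves a border block's mean by a few levels but not across the global-mean threshold, whereas the dark text band drives its blocks well below it. A real filter would use a finer grid and a tuned distance threshold, but the principle that the fingerprint must be tolerant of the attacker's randomization is the same.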

Q: The Department of Homeland Security has expressed a concern about hacking as a route to terrorist activities. Is this paranoia, or is it a legitimate concern?

Terrorists don't even necessarily need skills in this area. What we are seeing is that attackers and spammers are trading their knowledge and wares on a kind of online marketplace with each other. Terrorists can just buy hacked computers on this online marketplace.

We had some researchers look into how they do such attacks, and hackers actually advertise their wares to each other. So, a hacker may advertise that he has 10,000 compromised PCs that can send spam for you, and I'll rent them out to you to send out your e-mails.

Q: Some security measures rely on multiple ways of authenticating users and transactions, especially mobile activities. Don't these alternatives reduce the risk of hacking and fraud?

These things do help quite a bit. In the U.K. and France they have gone to an approach called "chip and PIN" for all their credit cards, and that makes it significantly harder. As a result, attackers try other avenues of attack.

We've seen, for example, phishing attacks on PayPal where you don't even have a card, and we've seen attacks directly in ISPs. If you get a user's password for their service provider or e-mail log-on, we've typically found it is the same as the password for their bank. You can then log on to their online banking and transfer money to where you want.

Spam zombie programs are also creating problems for ISPs, as they take control of a user's PC and take up bandwidth. Attackers are known for finding the best stream they can and finding a way to get on it. And if they control your PC with a zombie then they are probably going to be able to use a higher-speed bandwidth.

Q: Are the third-party security solutions like the ones you might buy at your local computer store more of a temporary band-aid approach? Will they become less effective over time?

It's a combination of two things: The attackers are increasingly advanced, and the current security model can't keep up since it requires people in a room to create rules and create heuristics and then get them out.

There are some solutions that use feedback from users, but our approach is to automate that feedback, automatically analyze the data as it comes in, and then deploy new fingerprints to stop it without needing to do manual work in an operations center.

Q: Are security measures protecting against such things as spam and hacking becoming more of a financial burden to companies, especially those that choose to do everything in-house?

The cost of the infrastructure and the filtering performance is getting worse for enterprises. There are more rules, and the accuracy is worse because they are not able to keep up. Also, spam [sent] to mobile devices is not only intrusive, but if it is an SMS spam, then you are probably charged for that.

Some providers have free receiving, but most are moving to a charge basis. So, the concerns with mobile just get amplified to a huge degree.

Q: Does a lot of this spam originate from mobile devices, like cell phones?

Mobile-to-mobile spam that does not come from the Internet hasn't become much of a concern in the U.S. But, it is becoming a concern in Europe and has already been a concern for a while in Japan. We are seeing a lot of growth in that space -- to provide protection between providers and within provider messages going between devices.

Q: How effective are your anti-spam solutions and others against zero-day virus attacks?

We are doing zero-hour anti-virus now, and over the past six months we have seen it stop attacks an average of eight hours sooner than other alternatives.

We use the system of users notifying us about viruses and find that five percent of these highly trusted users, which are kind of the power users or the geeky users, immediately click-block when they get a virus. We then have a fingerprinting algorithm that works on Windows executables that enables them to vote on them and block them from other subscribers.
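The automated feedback loop described in this answer and in the earlier one about deploying fingerprints without an operations center, as an added example that is not Cloudmark's code: reports on a content fingerprint are weighted by each reporter's trust, the fingerprint is blocked for everyone once the weighted votes cross a threshold, and the reporters who voted before consensus gain trust, which is how a small set of "power users" ends up blocking a new sample long before the crowd. The trust values, the threshold, the trust step and the use of a plain SHA-256 in place of the real fingerprinting algorithm are all assumptions made for the demonstration.

```python
"""Added example (not Cloudmark's code): a hypothetical model of user-feedback
filtering in which reports on a content fingerprint are weighted by the
reporter's trust, a fingerprint is blocked once the weighted votes cross a
threshold, and reporters who voted before consensus gain trust."""
from __future__ import annotations
import hashlib
from dataclasses import dataclass, field


@dataclass
class Reporter:
    trust: float = 0.1          # hypothetical weight for an unknown user


@dataclass
class Tally:
    weight: float = 0.0
    voters: set = field(default_factory=set)


class FeedbackFilter:
    def __init__(self, block_threshold: float = 1.0, trust_step: float = 0.1):
        self.threshold = block_threshold
        self.trust_step = trust_step
        self.reporters = {}   # user -> Reporter
        self.tallies = {}     # fingerprint -> Tally
        self.blocked = set()  # fingerprints blocked for all subscribers

    @staticmethod
    def fingerprint(content: bytes) -> str:
        # A plain SHA-256 stands in for the real fingerprinting algorithm
        # (assumption); anything that maps near-identical content to the
        # same key would slot in here.
        return hashlib.sha256(content).hexdigest()

    def add_reporter(self, user: str, trust: float) -> None:
        """Seed a known 'power user' with an above-default trust level."""
        self.reporters[user] = Reporter(trust=max(0.0, min(1.0, trust)))

    def report(self, user: str, content: bytes) -> bool:
        """Record a block vote; return whether the content is now blocked."""
        fp = self.fingerprint(content)
        rep = self.reporters.setdefault(user, Reporter())
        tally = self.tallies.setdefault(fp, Tally())
        if user not in tally.voters:          # one vote per user per fingerprint
            tally.voters.add(user)
            tally.weight += rep.trust
        if tally.weight >= self.threshold and fp not in self.blocked:
            self.blocked.add(fp)
            for u in tally.voters:            # reward early, correct reporters
                r = self.reporters[u]
                r.trust = min(1.0, r.trust + self.trust_step)
        return fp in self.blocked

    def is_blocked(self, content: bytes) -> bool:
        """Lookup used on delivery for every other subscriber."""
        return self.fingerprint(content) in self.blocked


if __name__ == "__main__":
    f = FeedbackFilter(block_threshold=1.0)
    f.add_reporter("power_user_a", 0.6)
    f.add_reporter("power_user_b", 0.6)
    sample = b"constructed sample of a new attachment"   # constructed input
    print("after first trusted report:", f.report("power_user_a", sample))
    print("after second trusted report:", f.report("power_user_b", sample))
    print("blocked for everyone else:", f.is_blocked(sample))
```

The one-vote-per-user rule and the trust cap matter more than they look: without them a single account could push a fingerprint over the threshold by repeat-clicking, and an attacker could use the feedback channel itself to block legitimate mail. Trust is only raised for votes that preceded consensus, so a reporter who merely piles on after the block gains nothing.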

Q: Are there other new hacking trends and techniques users should know about?

There is an activity called "caching," which involves someone using a machine to create bank cards with magnetic strips. A cacher, for example, will advertise that he can create bank cards with serial numbers ending in "595."

He may then be contacted by a kid from anywhere in the world who can pretty easily put together a phishing attack to gather and sell account information to that person and match it with this information to create cards. They will then split the profits from selling the cards.